AI Chat Paper
Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.
{{lang === 'zh_CN' ? '文章概述' : 'Summary'}}
{{lang === 'en_US' ? '中' : 'Eng'}}
Chat more with AI
PDF (2.2 MB)
Collect
Submit Manuscript AI Chat Paper
Show Outline
Outline
Show full outline
Hide outline
Outline
Show full outline
Hide outline
Open Access

Threat Model and Defense Scheme for Side-Channel Attacks in Client-Side Deduplication

Guanxiong Ha1,2Hang Chen1,2Chunfu Jia1,2( )Mingyue Li1,2
College of Cyber Science, Nankai University, Tianjin 300350, China
Tianjin Key Laboratory of Network and Data Security Technology, Tianjin 300350, China
Show Author Information

Abstract

In cloud storage, client-side deduplication is widely used to reduce storage and communication costs. In client-side deduplication, if the cloud server detects that the user’s outsourced data have been stored, then clients will not need to reupload the data. However, the information on whether data need to be uploaded can be used as a side-channel, which can consequently be exploited by adversaries to compromise data privacy. In this paper, we propose a new threat model against side-channel attacks. Different from existing schemes, the adversary could learn the approximate ratio of stored chunks to unstored chunks in outsourced files, and this ratio will affect the probability that the adversary compromises the data privacy through side-channel attacks. Under this threat model, we design two defense schemes to minimize privacy leakage, both of which design interaction protocols between clients and the server during deduplication checks to reduce the probability that the adversary compromises data privacy. We analyze the security of our schemes, and evaluate their performances based on a real-world dataset. Compared with existing schemes, our schemes can better mitigate data privacy leakage and have a slightly lower communication cost.

References

[1]
W. Xia, H. Jiang, D. Feng, F. Douglis, P. Shilane, Y. Hua, M. Fu, Y. C. Zhang, and Y. K. Zhou, A comprehensive study of the past, present, and future of data deduplication, Proceedings of the IEEE, vol. 104, no. 9, pp. 16811710, 2016.
[2]
Y. Shin, D. Koo, and J. Hur, A Survey of secure data deduplication schemes for cloud storage systems, ACM Computing Surveys, vol. 49, no. 74, pp. 138, 2017.
[3]
D. T. Meyer and W. J. Bolosky, A study of practical deduplication, presented at 9th USENIX Conference on File and Storage Technologies, San Jose, CA, USA, 2011.
[4]
J. Li, Z. Yang, Y. Ren, P. Lee, and X. Zhang, Balancing storage efficiency and data confidentiality with tunable encrypted deduplication, presented at 15th EuroSys Conference on Computer Systems, Heraklion, Greece, 2020.
[5]
J. Li, P. P. C. Lee, Y. Ren, and X. Zhang, Metadedup: Deduplicating metadata in encrypted deduplication via indirection, presented at 35th Symposium on Mass Storage Systems and Technologies (MSST), Santa Clara, CA, USA, 2019.
[6]
M. Mulazzani, S. Schrittwieser, M. Leithner, M. Huber, and E. Weippl, Dark clouds on the horizon: Using cloud storage as attack vector and online slack space, presented at 20th USENIX Security Symposium, San Francisco, CA, USA, 2011.
[7]
D. Harnik, B. Pinkas, and A. Shulman-Peleg, Side-channels in cloud services: Deduplication in cloud storage, IEEE Security & Privacy, vol. 8, no. 6, pp. 4047, 2010.
[8]
Z. Pooranian, K. Chen, C. Yu, and M. Conti, RARE: Defeating side-channels based on data-deduplication in cloud storage, presented at IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Honolulu, HI, USA, 2018.
[9]
C. Yu, S. P. Gochhayat, M. Conti, and C. Lu, Privacy aware data deduplication for side-channel in cloud storage, IEEE Transactions on Cloud Computing, vol. 8, no. 2, pp. 597609, 2020.
[10]
F. Armknecht, J. Bohli, G. O. Karame, and F. Youssef, Transparent data deduplication in the cloud, presented at 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, 2015.
[11]
M. Bellare, S. Keelveedhi, and T. Ristenpart, Messagelocked encryption and secure deduplication, presented at 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Athens, Greece, 2013.
[12]
J. Li, Y. K. Li, X. Chen, P. P. C. Lee, and W. Lou, A hybrid cloud approach for secure authorized deduplication, IEEE Trans. Parallel Distributed Syst., vol. 26, no. 5, pp. 12061216, 2015.
[13]
Y. K. Zhou, D. Feng, W. Xia, M. Fu, F. T. Huang, Y. C. Zhang, and C. G. Li, SecDep: A user-aware efficient finegrained secure deduplication scheme with multilevel key management, presented at 31st IEEE Symposium on Mass Storage Systems and Technologies, Santa Clara, CA, USA, 2015.
[14]
R. M. Chen, Y. Mu, G. M. Yang, and F. C. Guo, BL-MLE: Blocklevel message-locked encryption for secure large file deduplication, IEEE Trans. Inf. Forensics Secur., vol. 10, no. 12, pp. 26432652, 2015.
[15]
J. W. Li, P. P. C. Lee, C. F. Tan, C. Qin, and X. S. Zhang, Information leakage in encrypted deduplication via frequency analysis: Attacks and defenses, ACM Trans. Storage., vol. 16, no. 1, pp. 130, 2020.
[16]
J. Stanek and L. Kencl, Enhanced secure thresholded data deduplication scheme for cloud storage, IEEE Trans. Dependable Secur. Comput., vol. 15, no. 4, pp. 694707, 2018.
[17]
P. F. Zuo, Y. Hua, C. Wang, W. Xia, S. D. Cao, Y. K. Zhou, and Y. Y. Sun, Mitigating traffic-based side-channel attacks in bandwidth-efficient cloud storage, presented at 32nd IEEE International Parallel and Distributed Processing Symposium, Vancouver, Canada, 2018.
[18]
S. Keelveedhi, M. Bellare, and T. Ristenpart, Dupless: Server-aided encryption for deduplicated storage, presented at 22nd USENIX Security Symposium, Washington, DC, USA, 2013.
[19]
S. Lee and D. Choi, Privacy-preserving cross-user sourcebased data deduplication in cloud storage, presented at International Conference on Information and Communication Technology Convergence, Jeju Island, Republic of Korea, 2012.
[20]
F. Armknecht, C. Boyd, G. T. Davies, K. Gjøsteen, and M. Toorani, Side-channels in deduplication: Trade-offs between leakage and efficiency, presented at 12th ACM on Asia Conference on Computer and Communications Security, Abu Dhabi, United Arab Emirates, 2017.
[21]
O. Heen, C. Neumann, L. Montalvo, and S. Defrance, Improving the resistance to side-channel attacks on cloud storage services, presented at 5th International Conference on New Technologies, Mobility and Security(NTMS), Istanbul, Turkey, 2012.
[22]
Y. Shin and K. Kim, Differentially private client-side data deduplication protocol for cloud storage services, Secur. Commun. Networks., vol. 8, no. 12, pp. 21142123, 2015.
Tsinghua Science and Technology
Pages 1-12
Cite this article:
Ha G, Chen H, Jia C, et al. Threat Model and Defense Scheme for Side-Channel Attacks in Client-Side Deduplication. Tsinghua Science and Technology, 2023, 28(1): 1-12. https://doi.org/10.26599/TST.2021.9010071

954

Views

94

Downloads

6

Crossref

4

Web of Science

11

Scopus

0

CSCD

Altmetrics

Received: 18 September 2021
Accepted: 29 September 2021
Published: 21 July 2022
© The author(s) 2023.

The articles published in this open access journal are distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/).

Return